Lucene search
K

1215 matches found

CVE
CVE
added 2025/08/20 3:39 p.m.16 views

CVE-2011-10028

CVE-2011-10028 affects RealArcade/RealNetworks RealArcade platform via an ActiveX control (InstallerDlg.dll, 2.6.0.445) exposing Exec through StubbyUtil.ProcessMgr COM. The method allows remote attackers to execute arbitrary commands on a Windows machine without proper validation or restrictions....

8.7CVSS7.7AI score0.01061EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/08/20 3:39 p.m.12 views

CVE-2011-10028 RealNetworks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution

The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...

8.7CVSS0.01061EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/14 11:29 a.m.6 views

CVE-2025-30033

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component...

8.5CVSS8AI score0.00193EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/08/13 5:45 a.m.9 views

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics

Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/08/12 12:0 a.m.7 views

New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises

We uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/08/04 12:0 a.m.2 views

Paramount Macrium Reflect 安全漏洞

Paramount Macrium Reflect is an image-based backup and recovery software from Paramount UK. A security vulnerability exists in Paramount Macrium Reflect version 2025-06-26 and earlier, which stems from an insecure DLL search path that could lead to the execution of arbitrary code with administrat...

7.7CVSS7.1AI score0.00158EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/27 9:0 p.m.2 views

Embedded Malicious Code

Overview num2words is a malicious package. A malicious actor compromised the credentials of one of the package maintainers via a phishing attack; This allowed the attacker to modify the intialization script init.py and publish tampered versions of the package to PyPI. Script Behavior The code...

9.2CVSS7.5AI score
Exploits0References2
CVE
CVE
added 2025/07/27 12:46 a.m.31 views

CVE-2025-6241

Summary: CVE-2025-6241 affects Lakeside Software SysTrack’s LsiAgent.exe, which loads DLLs not present in default installations. If a user-writable directory exists in the SYSTEM PATH, a malicious DLL named wfapi.dll could be written there and executed by LsiAgent.exe at startup or service restar...

4.4CVSS6.5AI score0.00164EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.4 views

Commvault for Windows 安全漏洞

Commvault for Windows is a data backup, recovery software from Commvault, Inc. A security vulnerability exists in Commvault for Windows that originates from a DLL injection and could lead to arbitrary code execution. The following versions are affected: version 11.20.0, version 11.28.0, version...

8.5CVSS7.8AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2025/07/22 10:15 a.m.3 views

CVE-2025-7427

Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio...

5.9CVSS6.3AI score0.00155EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/21 6:24 a.m.4 views

Malicious code in got-fetch (npm)

This package installs a windows based malware file node-gyp.dll via install.js...

6.9AI score
Exploits0References1
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.3 views

SUR-FBD CMMS 安全漏洞

SUR-FBD CMMS is a computerized maintenance management system from the Polish company SUR-FBD. A security vulnerability exists in SUR-FBD CMMS that stems from the presence of hard-coded credentials in a DLL file, which could lead to full control of the application...

8.5CVSS6.6AI score0.0012EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.3 views

HCL Traveler 代码问题漏洞

HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler that stems from vulnerability to DLL hijacking attacks...

9.8CVSS6.7AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:44 a.m.3 views

CVE-2024-6618

In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...

8.5CVSS8.4AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:52 a.m.5 views

CVE-2023-22743

Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This...

7.3CVSS6.6AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 p.m.4 views

CVE-2021-26556

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...

7.8CVSS7.1AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.5 views

CVE-2021-35449

The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing durin...

7.8CVSS7.2AI score0.01413EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:28 a.m.4 views

CVE-2018-16545

Kaizen Asset Manager Enterprise Edition and Training Manager Enterprise Edition allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library dll assumed the identity of a temporary tmp file isxdl.dll and an executable file assum...

7.8CVSS7.9AI score0.01698EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/05/13 6:15 p.m.3 views

CVE-2023-31358

A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...

7.8CVSS6AI score0.00139EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/11 12:0 a.m.3 views

ToDesk 代码问题漏洞

ToDesk is a professional remote desktop software from ToDesk China. A code issue vulnerability exists in ToDesk version 4.7.6.3, which stems from an uncontrolled search path for the library profapi.dll in the component DLL File Parser...

7.3CVSS7AI score0.00171EPSS
Exploits0References5
Rows per page
Query Builder